Agency Information Guide
The Information and Privacy Commission NSW (IPC) has published its Agency Information Guide (AIG) in accordance with section 20 of the Government Information (Public Access) Act 2009 (GIPA Act). It provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.
The AIG appears below or can be viewed and downloaded here IPC Agency Information Guide February 2020.
The Information and Privacy Commission (IPC) is committed to ensuring that citizens can access information about us easily and at the lowest reasonable cost.
Given our regulatory role, we have a mandated focus and commitment to access to government information. We especially support the broad object of the Government Information (Public Access) Act 2009 (GIPA Act) to advance a system of responsible and representative democratic Government that is open, accountable, fair and effective. We also uphold the specific presumption in the Act in favour of the disclosure of government information unless there is an overriding public interest against disclosure.
Agency Information Guides (AIGs) play an important role in promoting access to information, supporting participation and contributing to Open Government. As government transforms service delivery through the application of digital technologies, information should be more readily accessible to citizens. New ways of storing, locating and providing information become available through digital technology and agencies have new opportunities to uphold their responsibilities to make information available.
This AIG is published in accordance with section 20 of the GIPA Act and provides a mechanism to make government information accessible, promote currency of information and appropriate release, and support the management of government information as a strategic asset.
The purpose of this IPC AIG is to provide general information on the:
- structure and functions of the IPC
- ways in which the functions of the IPC, including the decision-making functions, affect members of the public
- specific arrangements in place to enable members of the public to participate in the formulation of IPC policy and the exercise of IPC functions
- kinds of government information held by the IPC
- kinds of government information held by the IPC that we make publicly available
- the manner in which the IPC makes or will make government information publicly available
- kinds of information that are (or will be) made publicly available free of charge and those kinds for which a charge is (or will be) imposed.
Where appropriate we have provided links to documents, reports, data and other information throughout this AIG.
This AIG is reviewed regularly and at least every 12 months and is available from our website at www.ipc.nsw.gov.au/agency-information-guide. We value your feedback on this AIG to ensure that we achieve the highest levels of accessibility. You can provide feedback to us by phone to 1800 472 679 or email to firstname.lastname@example.org.
IPC CEO, Information Commissioner
NSW Open Data Advocate
The IPC was established on 1 January 2011 under the Privacy and Government Information Legislation Amendment Act 2010 by merging the Office of the Information Commissioner and Privacy NSW. The Bill established the Information Commissioner as Chief Executive Officer of the Information and Privacy Commission.
We are a separate agency that administers NSW legislation dealing with privacy and access to government information. We support the Information Commissioner and the Privacy Commissioner in fulfilling their statutory responsibilities and functions to ensure that individuals and agencies can access consistent information, guidance and training on information access and privacy matters.
The IPC was established to provide a single place for agencies and the community to seek information and assistance with information access and privacy rights in NSW. We promote and protect privacy and information access rights in NSW by:
- providing information, advice, assistance and training for agencies and individuals on privacy and access matters
- reviewing the performance and decisions of agencies under the GIPA Act
- investigating and conciliating complaints relating to regulated entities
- providing feedback and advice to Government about the legislation and relevant developments in the law and technology.
We take a contemporary, proactive regulatory approach. Our regulatory and business efforts are aimed at ensuring that the IPC and regulated entities operate in ways that advance information access and privacy protection for the citizens of NSW. Further information about our regulatory approach is contained in our Regulatory Framework and associated plans and policies.
The functions of the IPC are overseen by the NSW Committee on the Office of the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission.
The Information Commissioner administers the following legislation:
- Government Information (Public Access) Act 2009 (NSW) (GIPA Act)
- Government Information (Public Access) Regulations 2018 (NSW) (GIPA Regulations), and
- Government Information (Information Commissioner) Act 2009 (NSW) (GIIC Act).
The Information Commissioner has the power to review decisions made by other NSW government agencies and deal with complaints about information access, undertake investigations, monitor agency functions and report to the Attorney General, and Minister for the Prevention of Domestic Violence and the Minister for Customer Service about proposals for legislative or administrative change.
Additionally, the Information Commissioner provides feedback about the legislation and relevant developments in the law and technological change as it impacts on information access.
The Information Commissioner is also:
- an investigating authority under the Public Interest Disclosures Act 1994
- the NSW Open Data Advocate.
In the role of Open Data Advocate, the Information Commissioner encourages the proactive public release of government information by agencies in ways that are respectful of data sharing safeguards, and provides information, advice and assistance to agencies and the NSW Public on access to government information. The role also provides advice to the Data Analytics Centre (DAC) and across NSW Government on the proactive release of non-personal data. The role of Open Data Advocate aligns with the functions of the Information Commissioner under the GIPA Act, in particular with authorising and encouraging the proactive public release of government information by agencies. The work of the Open Data Advocate is underpinned by the Open Data Policy and Action Plan. Further information is available from data.nsw.gov.au.
The Privacy Commissioner administers the following legislation:
- Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act)
- Privacy and Personal information Protection Regulation 2014 (NSW) (PPIP Regulation)
- Health Records and Information Privacy Act 2002 (NSW) (HRIP Act)
- Health Records and Information Privacy Regulation 2012 (NSW) (HRIP Regulations)
The Privacy Commissioner’s role includes promoting privacy as well as preparing reports recommending legislative, administrative or other action in the interests of privacy as well as conducting inquiries and investigations into privacy related matters.
The Privacy Commissioner also oversees the conduct of internal reviews by regulated entities and deals with complaints about privacy related matters. NSW Privacy Commissioner also has the power to receive, investigate and conciliate complaints made against an agency, health service provider or organisation holding health information. The Privacy Commissioner reports to ministers responsible for the above legislation about proposals for legislative or administrative change. Corporate functions and services
We have corporate functions and obligations that we are required to fulfil including the effective and efficient management of:
- annual reporting
- information technology
- legislative compliance
- corporate governance.
These functions are conferred on the IPC under a number of Acts. Some of the key Acts include:
- Government Sector Employment Act 2013 – employment of staff
- Government Information (Public Access) Act 2009 – publication of certain government information and granting access to other information
- Privacy and Personal Information Protection Act 1998 – standards and requirements for collection and use of personal information
- Work Health and Safety Act 2011 – requirements for healthy and safe work practices
- Workplace Injury Management and Workers Compensation Act 1998 – management of injury and return to work
- Annual Reports (Departments) Act 1985 – requirements for annual reporting
- Government Sector Finance Act 2018 – management and administration of financial affairs
- Public Interest Disclosures Act 1994 – requirements for dealing with complaints under the Act.
We are supported to undertake many of these functions by the Department of Customer Service.
3. Organisational structure
We are a separate agency under Schedule 1 of the Government Sector Employment Act 2013 (GSE Act) and the Information Commissioner is appointed as agency head and is responsible to the relevant Minister. As the agency head, the Information Commissioner is responsible for the budget and the general administration of the IPC, including employing and allocating staff to carry out our work.
The NSW Committee on the Office of the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission oversees the functions of the Information Commissioner and Privacy Commissioner. The Privacy Commissioner reports to the NSW Parliament on the operation of the PPIP Act and the HRIP Act. The Information Commissioner reports to the NSW Parliament on the operation of the GIPA Act.
The Information Commissioner, Elizabeth Tydd was appointed under the Government Information (Information Commissioner) Act 2009 for a term of five years. Ms Tydd was appointed on 23 December 2013 and re-appointed for a further five-year term in December 2018.
The Privacy Commissioner, Samantha Gavel was appointed under the Privacy and Personal Information Protection Act 1988 also for a term of five years. Ms Gavel was appointed on 4 September 2017.
We have four business units to assist the CEO in the exercise of the functions of the IPC. These units are:
- Communication and Corporate Affairs – strategically informs, shapes and delivers the IPC’s regulatory message to stakeholders
- Legal Counsel and Regulatory Advice – develops regulatory advice, reporting and intelligence services to support the IPC and the Commissioners
- Investigation and Review – delivers the IPC’s and Commissioners regulatory functions to promote compliance with the legislation and support members of the public to access their rights
- Systems and Corporate Services – provides HR, IT, procurement and other business services in conjunction with external providers.
See the full copy of our corporate structure on the IPC website.
Each year we report on our activities over the course of the year through our Annual Report. See our website for all published Annual Reports to date.
We are located at:
For further information about us, you can contact the IPC with the details below:
We are committed to promoting public participation and to establishing arrangements that support members of the public to participate in the formulation of our policies and in the exercise of our functions.
We recognise the importance of public involvement in the development of policy and service delivery. Engaging with and maintaining public participation ensures that the needs and expectations of the public are considered in the business of government and can deliver meaningful improvement in policy outcomes and service delivery.
Throughout the year we look for opportunities to engage directly with the public to seek input on our work, in the exercise of our functions and on important issues affecting information access and privacy rights.
We conducted our first direct public engagement event to promote Right to Know Day in September 2018 and in March 2019 we also conducted a direct public engagement event to promote Privacy Awareness Week. These events are detailed through the following links:
We engage with the public regularly through a number of electronic channels, to provide a fast and easy way for the public to approach us, seek our assistance or provide us with feedback.
When considering any consultation with the NSW community, we take into consideration what we are asking, why we are asking it, and who we want to ask. This informs which channel will be used to conduct the consultation or survey.
We use our website, Twitter, email groups and other communication channels to let people know when we are conducting public consultations. We will provide you with the necessary information to understand the purpose of any consultation we do.
We conduct surveys to obtain the views of our stakeholders to inform the statutory reports of the Commissioners and the IPC’s broader regulatory work. Survey results assist us to understand citizen’s knowledge and awareness of our legislation, key themes and trends. This information is used to inform the development of regulatory resources. We proactively publish the results from the surveys we conduct on our website and these results are generally available as part of our reports.
Our website is used to provide the public with resources and information about our regulatory functions and activities, awareness campaigns, submissions, events, policies, news and developments. Members of the public can use the Contact us section of the website to get in touch with us and provide feedback on our activities and functions. The website can be accessed at www.ipc.nsw.gov.au.
In 2019 we conducted a review of our website resulting in a new streamlined structure to access information. The IPC NSW website details the release of new information through a number of links including specific information that was developed or updated to deal with the amendments to legislation that took effect in November 2018. Additionally, the IPC provided guidance regarding a voluntary data breach notification scheme in New South Wales. Some of the most significant links containing new information released throughout the year are contained below:
Social media (Twitter)
The IPC Twitter account (@IPCNSW) is used to provide the public with instantaneous information about our latest news, publications, consultations, campaigns, and other areas of interest relating to the IPC. Our Twitter account is monitored during office hours. Members of the public can join the conversation, however we may not be able to respond individually to all the messages that we receive via Twitter. Additionally, given the character limitation on Twitter, we may request that you contact us via our other channels to complete your enquiry.
The IPC LinkedIn account is used to promote and encourage connection with us by other organisations. Where possible we use this channel to promote events and launches including the IPC GIPA Tool and proactive campaigns for Right to Know Week and Privacy Awareness Week.
NSW Have your say
Have Your Say is a website that enables NSW Government agencies to publicise consultations being conducted throughout the state. The site provides a central place for the public to search via their location and/or by topic to discover consultations that interest them.
It enables them to share their views and ideas on Government plans to improve services, the economy and infrastructure in NSW. We use Have Your Say as an additional channel whenever we commence a consultation.
We receive agency reports containing data on GIPA obligations and these reports are used by the IPC as the basis for the Information Commissioner’s annual Report on the Operation of the Government Information (Public Access) Act 2009, across all agencies and dis-aggregated to the sector level.
As part of our commitment to Open Data and transparency in government, and support of the NSW Government’s Open Data Policy (2016) we make online agency-level GIPA data more accessible by publishing it in a form that allows deeper analysis and comparisons..
OpenGov NSW is a website that allows NSW Government agencies to make information available to the public including annual reports and open access information released under the GIPA Act. We utilise this channel to publish annual reports, and to proactively release open access information for the public.
The Information and Privacy Advisory Committee (IPAC) is an advisory body to the Information Commissioner and the Privacy Commissioner. Members of IPAC are appointed by the Attorney General from representatives of the public providing opportunity for the community to participate and contribute to the advancement of information access and privacy rights.
We welcome input and feedback from the public, community organisations and government agencies regarding our services and publications. We receive a range of diverse correspondence and complaints through a variety of channels including our website, emails, letters, phone calls and social media.
Members of the public are encouraged to provide feedback on our services and publications. This feedback is important to us and assists us to inform our policies and publications and improve our services.
We published the first results of our survey of case management services in our 2018/19 Annual Report. The link is available below:
We are committed to responding to feedback and complaints in accordance with the IPC Service Charter.
All feedback and complaints are dealt with confidentially and personal information is managed in accordance with the privacy protection principles in the PPIP Act. Further information about how we handle personal information is available in the IPC’s Privacy Management Plan.
You can provide feedback to us by phone to 1800 472 679 or email to email@example.com.
As an agency that administers NSW information access and privacy legislation, a key part of our work is delivered through our regulatory functions and activities. These relate primarily to the review, complaint, reporting, investigative and advisory work of the IPC.
We have developed a Regulatory Framework, which, combined with the Information Commissioner’s Regulatory Plan 2017 - 2019 sets out our regulatory approach and priorities in promoting compliance and protecting information access rights and privacy.
We use a range of approaches to deliver the compliance activities we identify as necessary to achieve our regulatory objectives and to influence long-term cultural change for better information access by agencies. This involves the examination of process and legislative requirements to inform development of regulatory activities and resources. The development of individual regulatory activities creates an opportunity for meaningful engagement with both agencies and citizens in raising awareness and understanding of the GIPA Act. Our engagement is designed to be achieved through the mechanisms outlined in section 6.2 of this AIG.
Through the review of agency decisions and complaints received, the public plays an important role in informing the Information Commissioner on systemic issues, themes and developing trends, and informs the development of the IPC’s Regulatory Plan each year.
In addition, we welcome other feedback from the public on agency compliance, including concerns about accessing information under the GIPA Act.
You can provide feedback to us by phone to 1800 472 679 or email to firstname.lastname@example.org. We also seek out feedback from the NSW community and its stakeholders on our regulatory activities through our website.
We hold a range of information including:
- Policy and planning documents
- Documents on the internal administration of the agency
- Internal working papers of the agency
- Documents prepared for submission to the NSW Committee on the Office of the Ombudsman, the Law Enforcement Conduct Commission and the Crime Commission
- Documents relating to complaints, audits, reviews and investigations conducted by the Information Commissioner and the Privacy Commissioner
- Correspondence with NSW government agencies
- Correspondence with the public
- Correspondence with other jurisdictions
- Guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
- Information resources for the community, public sector and private sector.
Some of this information can be accessed on our website at www.ipc.nsw.gov.au. If you find that you are having difficulties reading our documents or other material, please contact us on 1800 472 679 so we can provide other options for you to access our material.
Alternatively, if you cannot find the information you are seeking on our website, please contact us to assist you.
We keep records associated with our functions of reviewing agency decisions, providing advice and guidance to the public and regulated entities as well as other non-regulatory functions.
We make information available under the GIPA Act in four ways:
- as open access information
- through proactive release of information
- through informal access
- in response to a formal access application.
Information which is classified as open access information is information which we are required to make available. This information is made available unless it is not in the public interest to do so.
Open access information that we make available is generally via our website free of charge. This freely available information is generally provided through the following publications:
- IPC Annual Reports
- IPC Strategic Plan
- other documents tabled in Parliament concerning the IPC
- current agency policy documents
- all current privacy and information access guidelines and directions issued by the Privacy Commissioner and the Information Commissioner
- Register of government contracts and tenders
- our disclosure log (section 6.6 of this guide provides further information about our disclosure log)
- this IPC Agency Information Guide
Through our disclosure of proactive information, the IPC aims to assist the public with access to other government information. We disclose other government information that we hold that is not required by the GIPA Act in the form of open access and routinely identify information for proactive release.
For example, in 2018 we released the privacy impact assessment of the GIPA Tool pro-actively via our website. During 2020, the IPC will continue to look for opportunities to develop our proactive release.
Currently, proactively released information that is available on the IPC’s website includes:
- IPC Code of Conduct
- IPC Regulatory Framework
- IPC Regulatory Plan
- IPC Strategic Plan
- IPC Service Charter
- IPC Privacy Management Plan
- IPC Audit and Risk Committee Charter
- IPC Public Interest Disclosures Internal Reporting Policy
- IPC Media Protocol
- IPC Internal Audit Manual
- Information Commissioner's Instrument of Delegation of Authority
- GIPA Review Decisions
- Information Commissioner Investigation Reports
- Privacy Commissioner Investigation Reports
- Statutory Reports
- Submissions to other Agencies
- Trends in voluntary breach notification
- Reports on the Operation of the Government Information (Public Access) Act 2009
Members of the public can request information from us that is not available through our website. We will endeavour to respond to these requests informally, and only require a formal access application in limited circumstances.
If the information is in the public interest to disclose, we will make the information available free of charge.
An informal request for access to information can be made by contacting our Right to Information Officer – see contact details below at section 6.7.
After considering requests to informally access information, applicants who want to submit a formal access application can do so by contacting the Right to Information Officer.
To make a formal access application for information held by us, an access application must:
- be in writing and
- sent by email to email@example.com; or
- lodged in person at our office at Level 17, 201 Elizabeth Street Sydney NSW 2000
- clearly indicate that it is a formal access application made under the GIPA Act
- state the name of the applicant and a postal or email address as the address for correspondence in connection with the application
- provide such information as is reasonably necessary to enable the government information applied for to be identified.
An applicant must disclose on their access application whether they have applied to another agency, at any time, for substantially the same information, and if so, they must identify the agency. However, an application will not be invalid if an applicant fails to make this disclosure.
A GIPA Access Application form for information held by the IPC is available on our website.
Under section 127, of the GIPA Act, we have exercised our discretion to waive all fees and charges associated with access applications. This supports the object of the GIPA Act, which is intended to facilitate access to government information at the lowest reasonable cost.
Applicants intending to make a formal application are encouraged to consider the impact of the excluded information provisions on the information that they intend to request access to. This is outlined in summary at section 6.5 of this AIG.
The GIPA Act prescribes that some information held by us, which forms part of our complaint handling, review and investigative functions relating to the Information Commissioner and Privacy Commissioner, is excluded information.
This means that there is a conclusive presumption against the release of this information unless the release of the information has been consented to. An access application for this type of excluded information is considered an invalid access application under the GIPA Act.
We maintain a disclosure log under section 25 of the GIPA Act which documents the information we release in response to access applications, and that may be of interest to members of the public.
Our disclosure log provides a mechanism to further proactively release information to the public.
A regular review of our disclosure log provides a valuable opportunity to analyse data collected from across the IPC on requests for information and to identify trends and documents that could be released proactively. This allows us to update our AIG to reflect the released information. Increased disclosure of information from our disclosure log allows citizens greater opportunity to participate in our policy formulation and service delivery, and identifies trends and documents that could be released proactively.
Our Right to Information Officer can be contacted using the details below:
Right to Information Officer, Information and Privacy Commission
Post: GPO Box 7011, SYDNEY NSW 2001
Phone: 1800 472 679
Business Hours: Monday to Friday 9am to 5pm (excluding public holidays)
Office: Level 17, 201 Elizabeth Street SYDNEY NSW 2000
We can be contacted through the National Relay Service (NRS) on 133 677 for anyone with a hearing or speech impairment and through the Translating and Interpreting Service (TIS) on 131 450 for anyone requiring the assistance of an interpreter.